prosim o kontrolu logu problemy s pc

[Rudy]

Smažte vše, co Avira nejde. Více antivirů neinstalujte, docházelo by k sw kolizím.

[Marcillon]

Pridavam report z Aviry treba to v necem pomuze osvetlit to co nasla.....

Avira Free Antivirus
Report file date: 12. srpna 2012 19:48

Scanning for 4096284 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Marcillon
Computer name : MARCILLON-PC

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 18.7.2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 18.7.2012 16:04:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 18.7.2012 16:05:06
LUKE.DLL : 12.3.0.15 68304 Bytes 18.7.2012 16:04:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 18.7.2012 16:04:51
AVREG.DLL : 12.3.0.33 232232 Bytes 18.7.2012 16:04:51
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 1.2.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.3.2012 22:38:13
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.6.2012 16:05:05
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.6.2012 16:05:05
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.6.2012 16:05:05
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.6.2012 16:05:05
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.6.2012 16:05:05
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.6.2012 16:05:05
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.6.2012 16:05:05
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.6.2012 16:05:05
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.6.2012 16:05:05
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.7.2012 17:40:49
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.7.2012 17:40:49
VBASE016.VDF : 7.11.38.143 171008 Bytes 2.8.2012 17:40:49
VBASE017.VDF : 7.11.38.221 178176 Bytes 6.8.2012 17:40:49
VBASE018.VDF : 7.11.39.37 168448 Bytes 8.8.2012 17:40:50
VBASE019.VDF : 7.11.39.89 131072 Bytes 9.8.2012 17:40:50
VBASE020.VDF : 7.11.39.145 142336 Bytes 11.8.2012 17:40:50
VBASE021.VDF : 7.11.39.146 2048 Bytes 11.8.2012 17:40:50
VBASE022.VDF : 7.11.39.147 2048 Bytes 11.8.2012 17:40:50
VBASE023.VDF : 7.11.39.148 2048 Bytes 11.8.2012 17:40:50
VBASE024.VDF : 7.11.39.149 2048 Bytes 11.8.2012 17:40:50
VBASE025.VDF : 7.11.39.150 2048 Bytes 11.8.2012 17:40:50
VBASE026.VDF : 7.11.39.151 2048 Bytes 11.8.2012 17:40:50
VBASE027.VDF : 7.11.39.152 2048 Bytes 11.8.2012 17:40:50
VBASE028.VDF : 7.11.39.153 2048 Bytes 11.8.2012 17:40:50
VBASE029.VDF : 7.11.39.154 2048 Bytes 11.8.2012 17:40:50
VBASE030.VDF : 7.11.39.155 2048 Bytes 11.8.2012 17:40:50
VBASE031.VDF : 7.11.39.170 45568 Bytes 12.8.2012 17:40:50
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 12.8.2012 17:40:52
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 12.8.2012 17:40:52
AESCN.DLL : 8.1.8.2 131444 Bytes 16.2.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 18.7.2012 16:04:48
AERDL.DLL : 8.1.9.15 639348 Bytes 20.1.2012 23:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 12.8.2012 17:40:51
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 12.8.2012 17:40:51
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 12.8.2012 17:40:51
AEHELP.DLL : 8.1.23.2 258422 Bytes 18.7.2012 16:04:45
AEGEN.DLL : 8.1.5.34 434548 Bytes 12.8.2012 17:40:51
AEEXP.DLL : 8.1.0.74 86387 Bytes 12.8.2012 17:40:52
AEEMU.DLL : 8.1.3.2 393587 Bytes 12.8.2012 17:40:50
AECORE.DLL : 8.1.27.4 201078 Bytes 12.8.2012 17:40:50
AEBB.DLL : 8.1.1.0 53618 Bytes 20.1.2012 23:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.7.2012 16:04:53
AVPREF.DLL : 12.3.0.15 51920 Bytes 18.7.2012 16:04:51
AVREP.DLL : 12.3.0.15 179208 Bytes 18.7.2012 16:04:51
AVARKT.DLL : 12.3.0.15 211408 Bytes 18.7.2012 16:04:49
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.7.2012 16:04:50
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.7.2012 16:05:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 18.7.2012 16:04:52
NETNT.DLL : 12.3.0.15 17104 Bytes 18.7.2012 16:04:59
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 18.7.2012 16:05:09
RCTEXT.DLL : 12.3.0.31 97784 Bytes 18.7.2012 16:05:09

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 12. srpna 2012 19:48

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Media Player NSS\3.0\Events\{A0AF84E1-CCC5-4F18-ABAC-7F8CCE07DE8C}
[NOTE] The registry entry is invisible.
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\3E
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-20\Software\Microsoft\MediaPlayer\Health\{399FD63C-FB81-407A-B7FE-1935603C4F21}
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-603454982-2203807901-2291800243-1001\Software\Avira\AntiVir Desktop\profDataStr
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '43' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '84' Module(s) have been scanned
Scan process 'avcenter.exe' - '108' Module(s) have been scanned
Scan process 'daemonu.exe' - '62' Module(s) have been scanned
Scan process 'avgnt.exe' - '82' Module(s) have been scanned
Scan process 'sched.exe' - '40' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '60' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '32' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '114' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'IELowutil.exe' - '58' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
Scan process 'GarenaMessenger.exe' - '139' Module(s) have been scanned
Scan process 'Skype.exe' - '153' Module(s) have been scanned
Scan process 'Explorer.EXE' - '157' Module(s) have been scanned
Scan process 'Dwm.exe' - '31' Module(s) have been scanned
Scan process 'nvtray.exe' - '50' Module(s) have been scanned
Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'taskhost.exe' - '40' Module(s) have been scanned
Scan process 'spoolsv.exe' - '77' Module(s) have been scanned
Scan process 'svchost.exe' - '72' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'svchost.exe' - '144' Module(s) have been scanned
Scan process 'svchost.exe' - '112' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '28' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '66' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Program Files\E-Book Systems\FlipAlbum 6 Pro Eval\uninst.exe
[WARNING] Unsupported archive version
The registry was scanned ( '1854' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\E-Book Systems\FlipAlbum 6 Pro Eval\uninst.exe
[WARNING] Unsupported archive version
C:\Program Files\Garena Plus\room\AutoUpdate\Skin\Skin.ggz
[WARNING] The file is password protected
C:\Program Files\Garena Plus\room\Skin\Skin.ggz
[WARNING] The file is password protected
C:\Program Files\Garena Plus\room\SkinRU\Skin.ggz
[WARNING] The file is password protected
C:\Program Files\Garena Plus\room\SkinTW\Skin.ggz
[WARNING] The file is password protected
C:\Program Files\Warcraft III\World Editor.exe
[DETECTION] Is the TR/Drop.QuickBatch.U.1 Trojan
C:\Program Files\WinRAR\rarnew.dat
[WARNING] Error no files to extract
C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{11AEB088-CD85-42CA-88AD-0FD458C78686}_ENC2
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{11AEB088-CD85-42CA-88AD-0FD458C78686}_ENC2
[DETECTION] Is the TR/Agent.ASOY Trojan
C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{37B869AC-5D91-476D-B032-89CD7AEC4F64}_ENC2
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{37B869AC-5D91-476D-B032-89CD7AEC4F64}_ENC2
[DETECTION] Contains virus patterns of Adware ADWARE/Bundledz.C
C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{A1BE0ACF-A793-4533-906B-250EE479DB5B}_ENC2
[0] Archive type: HIDDEN
--> FIL\\\?\C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{A1BE0ACF-A793-4533-906B-250EE479DB5B}_ENC2
[1] Archive type: Portable Executable Resource
--> CABINET
[2] Archive type: CAB (Microsoft)
--> done.exe
[DETECTION] Is the TR/Redirector.J Trojan
[WARNING] Error multiple volume
C:\Users\Marcillon\AppData\Roaming\a.7z
[WARNING] The file is password protected
C:\Users\Marcillon\AppData\Roaming\ChromePlus\ChromePlus_uninstall.exe
[WARNING] Invalid end of file
C:\Users\Marcillon\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Marcillon\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Marcillon\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Marcillon\Desktop\Setup+crack\Microsoft Office Professional Plus 2010 CZ 32 bit.rar
[0] Archive type: RAR
--> Crack\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe
[DETECTION] Is the TR/Drop.26690560.1 Trojan
C:\Users\Marcillon\Desktop\Setup+crack\Microsoft Office Professional Plus 2010 CZ 32 bit\Crack\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe
[DETECTION] Is the TR/Drop.26690560.1 Trojan
C:\Users\Marcillon\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Users\Marcillon\Downloads\trialpro6.exe
[WARNING] Unsupported archive version
C:\Users\Marcillon\Downloads\W3\Warcraft 3 Reing of Chaos+Frozen throne\Warcraft 3 Frozen Throne CZ.rar
[0] Archive type: RAR
--> Warcraft 3 Frozen Throne\Crack a Patch\crack\World Editor.exe
[DETECTION] Is the TR/Drop.QuickBatch.U.1 Trojan
C:\Users\Marcillon\Downloads\W3\Warcraft 3 Reing of Chaos+Frozen throne\Warcraft 3 Frozen Throne CZ\Warcraft 3 Frozen Throne\Crack a Patch\crack\World Editor.exe
[DETECTION] Is the TR/Drop.QuickBatch.U.1 Trojan

Beginning disinfection:
C:\Users\Marcillon\Downloads\W3\Warcraft 3 Reing of Chaos+Frozen throne\Warcraft 3 Frozen Throne CZ\Warcraft 3 Frozen Throne\Crack a Patch\crack\World Editor.exe
[DETECTION] Is the TR/Drop.QuickBatch.U.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '55ef59b8.qua'.
C:\Users\Marcillon\Downloads\W3\Warcraft 3 Reing of Chaos+Frozen throne\Warcraft 3 Frozen Throne CZ.rar
[DETECTION] Is the TR/Drop.QuickBatch.U.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4d78760a.qua'.
C:\Users\Marcillon\Desktop\Setup+crack\Microsoft Office Professional Plus 2010 CZ 32 bit\Crack\Microsoft Office 2010 Pro Plus x64 & x86 Activator and Keygen.exe
[DETECTION] Is the TR/Drop.26690560.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f342cc1.qua'.
C:\Users\Marcillon\Desktop\Setup+crack\Microsoft Office Professional Plus 2010 CZ 32 bit.rar
[DETECTION] Is the TR/Drop.26690560.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7903631f.qua'.
C:\Users\Marcillon\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3c944ec4.qua'.
C:\Users\Marcillon\AppData\Roaming\Microsoft\Windows\Templates\Office 2010 Toolkit.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '439b7cba.qua'.
C:\Users\Marcillon\AppData\Roaming\Microsoft\Windows\Templates\cryptedcybertoirrent.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0f0e50e3.qua'.
C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{A1BE0ACF-A793-4533-906B-250EE479DB5B}_ENC2
[DETECTION] Is the TR/Redirector.J Trojan
[NOTE] The file was moved to the quarantine directory under the name '73ee1043.qua'.
C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{37B869AC-5D91-476D-B032-89CD7AEC4F64}_ENC2
[DETECTION] Contains virus patterns of Adware ADWARE/Bundledz.C
[NOTE] The file was moved to the quarantine directory under the name '5eb23f3c.qua'.
C:\ProgramData\Lavasoft\AntiMalware\Quarantine\{11AEB088-CD85-42CA-88AD-0FD458C78686}_ENC2
[DETECTION] Is the TR/Agent.ASOY Trojan
[NOTE] The file was moved to the quarantine directory under the name '47dc04a4.qua'.
C:\Program Files\Warcraft III\World Editor.exe
[DETECTION] Is the TR/Drop.QuickBatch.U.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2b41285a.qua'.


End of the scan: 12. srpna 2012 20:29
Used time: 39:29 Minute(s)

The scan has been done completely.

16709 Scanned directories
355239 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
11 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
355228 Files not concerned
3882 Archives were scanned
12 Warnings
15 Notes
357951 Objects were scanned with rootkit scan
4 Hidden objects were found

[Rudy]

11 virů Avira přesunula do karantény. Řada z nich byla ale karnténa pžedcjozích bezpečnostních program. Takže by to mělo být OK.

[Marcillon]

Dobre diky za vas nazor a za pomoc moc si toho vazim.

[Rudy]

Rádo se stalo!

[Marcillon]

je mi jasny ze otrevuju ale bylo by mozny mi nejak projet ten pocitac jeste tim combofixem nebo necim jinym, porad je to zabrzdeny a jeste mi obcas ted vyskoci nejaky reklamni okno...nechci otravovat ale pripada mi to ze v tom pc jeste neco je.

[Rudy]

OK. Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Marcillon]

ComboFix 12-08-10.02 - Marcillon 12.08.2012 22:01:50.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.2046.632 [GMT 2:00]
Spuštěný z: c:\users\Marcillon\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Marcillon\AppData\Roaming\7za.exe
c:\users\Marcillon\AppData\Roaming\a.7z
c:\users\Marcillon\AppData\Roaming\Google\Update\1
c:\users\Marcillon\AppData\Roaming\Google\Update\1\SD\m.txt
c:\users\Marcillon\AppData\Roaming\Google\Update\1\SD\s.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-12 do 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 20:05 . 2012-08-12 20:05 -------- d-----w- c:\users\Marcillon\AppData\Local\temp
2012-08-12 20:05 . 2012-08-12 20:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-12 20:05 . 2012-08-12 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 17:47 . 2012-08-12 17:47 -------- d-----w- c:\users\Marcillon\AppData\Roaming\Avira
2012-08-12 17:40 . 2012-07-18 16:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-12 17:40 . 2012-07-18 16:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-12 17:40 . 2012-07-18 16:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-12 17:40 . 2012-08-12 17:40 -------- d-----w- c:\programdata\Avira
2012-08-12 17:40 . 2012-08-12 17:40 -------- d-----w- c:\program files\Avira
2012-08-12 17:36 . 2012-08-12 17:36 -------- d-----w- c:\programdata\GFI Software
2012-08-11 21:11 . 2012-08-12 11:08 -------- d-----w- c:\program files\trend micro
2012-08-10 16:46 . 2012-08-11 18:41 -------- d-----w- c:\users\Marcillon\AppData\Local\PokerStars
2012-08-10 16:45 . 2012-08-10 16:50 -------- d-----w- c:\program files\PokerStars
2012-08-10 16:45 . 2012-08-11 20:32 -------- d-----w- c:\users\Marcillon\AppData\Roaming\Microgaming
2012-08-10 16:43 . 2012-08-10 16:43 -------- d-----w- c:\programdata\MGS
2012-08-10 16:43 . 2012-08-10 16:43 -------- d-----w- C:\Microgaming
2012-08-07 20:18 . 2012-08-07 20:18 -------- d-----w- c:\program files\Common Files\Steam
2012-08-06 12:44 . 2012-08-06 12:44 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-08-06 12:43 . 2012-08-06 12:43 -------- d-----w- c:\windows\PCHEALTH
2012-08-06 12:43 . 2012-08-06 12:43 -------- d-----w- c:\program files\Microsoft.NET
2012-08-06 12:43 . 2012-08-06 12:43 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-08-06 12:43 . 2012-08-06 12:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-08-06 12:43 . 2012-08-06 12:43 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-08-06 12:42 . 2012-08-06 12:42 -------- d-----w- c:\users\Marcillon\AppData\Local\Microsoft Help
2012-08-06 12:41 . 2012-08-06 12:47 -------- d-----w- c:\programdata\Microsoft Help
2012-08-06 12:41 . 2012-08-06 12:41 -------- d-----r- C:\MSOCache
2012-08-05 15:49 . 2012-08-12 17:36 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-08-05 15:49 . 2012-08-05 15:49 -------- d-----w- c:\programdata\Lavasoft
2012-08-05 15:49 . 2012-08-05 15:49 -------- d-----w- c:\users\Marcillon\AppData\Local\Downloaded Installations
2012-08-05 15:49 . 2012-08-05 15:49 -------- d-----w- c:\users\Marcillon\AppData\Local\adawarebp
2012-08-05 15:48 . 2012-08-05 15:48 -------- d-----w- c:\program files\Toolbar Cleaner
2012-08-05 15:48 . 2012-08-05 15:48 -------- d-----w- c:\users\Marcillon\AppData\Roaming\Blekko
2012-08-05 15:48 . 2012-08-05 15:48 -------- d-----w- c:\program files\adawaretb
2012-08-05 15:48 . 2012-08-05 20:40 -------- d-----w- c:\users\Marcillon\AppData\Roaming\Ad-Aware Antivirus
2012-08-04 22:08 . 2012-08-04 22:13 -------- d-----w- C:\Reborn
2012-07-16 18:24 . 2012-05-15 09:28 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
2012-07-16 18:23 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-16 18:23 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-16 18:23 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-16 18:23 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-16 18:23 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-16 18:23 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-16 17:58 . 2012-07-16 18:25 -------- d-----w- c:\program files\Diablo III
2012-07-16 17:58 . 2012-07-16 18:12 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-16 17:58 . 2012-07-16 18:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2012-07-14 23:16 . 2012-07-14 23:16 -------- d-----w- c:\users\Marcillon\AppData\Roaming\NVIDIA
2012-07-14 23:14 . 2012-08-05 17:28 -------- d-----w- c:\program files\Worms Reloaded
2012-07-13 21:49 . 2012-07-13 21:58 -------- d-----w- c:\users\Marcillon\AppData\Roaming\EBookSys
2012-07-13 21:49 . 2012-07-13 21:49 -------- d-----w- c:\program files\E-Book Systems
2012-07-13 21:41 . 2012-07-13 21:41 -------- d-----w- c:\programdata\Premium
2012-07-13 21:41 . 2012-07-13 21:41 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 12:20 . 2012-05-22 23:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 12:20 . 2012-05-22 23:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-23 00:23 . 2012-05-23 00:20 2829 ----a-w- c:\windows\War3Unin.pif
2012-05-23 00:23 . 2012-05-23 00:20 139264 ----a-w- c:\windows\War3Unin.exe
2012-05-22 23:44 . 2012-05-22 23:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-15 10:26 . 2012-05-23 00:13 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-05-23 00:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2012-05-23 00:13 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2012-05-23 00:13 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2009-07-13 22:09 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2009-06-10 21:19 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 09:28 . 2012-05-23 00:14 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2012-05-23 00:14 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2012-05-23 00:14 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2012-05-23 00:14 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2012-05-23 00:14 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-14 23:43 . 2012-05-22 23:26 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D1D3B81-D4DB-4E0B-AADF-89774A8BBCBD}\mpengine.dll
2012-08-04 11:53 . 2012-05-27 19:21 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"GarenaMessenger"="c:\program files\Garena Plus\GarenaMessenger.exe" [2012-07-31 7123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
2011-12-09 16:14 6835072 ----a-w- c:\program files\QIP 2010\qip.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R4 4game;4game;c:\program files\4game\4game\4GameService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - SSMDRV
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 12:20]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_1&u=___userid___
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Marcillon\AppData\Roaming\Mozilla\Firefox\Profiles\0fmekfxl.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
MSConfigStartUp-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-12 22:06:49
ComboFix-quarantined-files.txt 2012-08-12 20:06
.
Před spuštěním: Volných bajtů: 142 686 904 320
Po spuštění: Volných bajtů: 142 605 697 024
.
- - End Of File - - 888FCAFBB2D1FA4A0C26722AFAE74DA3

[Rudy]

Několik položek CF smazal, zbytek logu vypadá čistý. Nastala nějaká změna?

[Marcillon]

Super zatim to vypada docela dobre kdyby me skakala nejaka ta reklama nebo se to nejak zasekavalo tak bych se sem obratil zase o pomoc ale tedka to vypada znatelne lip...Jeste bych se rad optal jakej programek by jste me doporucil pro kvalitni defragmentaci disku, popr. kterej nechce moc prazdneho mista na disku Vim ze kdysi jsem byl v blbe situaci kdy jsem nemel media na vypalovani a mel jsem plny disk a nemel co smazat a ve win. to chcelo docela velky podil volneho mista...a jeste bych se rad optal jestli by jste mi nedoporucil nejakej program kterej je bezpecnej a vyskenoval by me HW co mam zjistil ovladace popr. sosnul z bezpecnejch stranek aktualni...pokud mozno aby byl free Diky moc za vase usili a preju hodne stesti......

[Rudy]

Mohl bych doporučit Defraggler: http://www.stahuj.centrum.cz/utility_a_ ... efraggler/ . Sám ho používám a mám s ním dobré zkušenosti. Nemáte zač a za přání děkujeme!